New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Mac OS binaries are unsigned #7826
Comments
Easier said than done, I'm afraid. You'll find this is a common problem with open source games such as these, as the fix involves registering "the company" with Apple (most open source communities do not have a legal identity that Apple recognises as a company). Oh, and you need to pay Apple $99/year for a developer licence. Not something anyone's been willing to do thus far. |
The $99 isn't the limiting factor. The limiting factor is that somebody has to be interested in solving this. Currently that hasn't happened. 👍 This is likely to become more of an issue in future, as Apple have indicated that they may introduce mandatory notorisation for all software. https://blog.fleetsmith.com/macos-mojave-app-notarization/ To do that without the user being able to apply policy exemptions is unlikely, as it will kill the Mac as a developer platform, and developing on Mac remains important for Apple's iOS cashcow. However that's beyond the scope of this chat 😄 TL;DR OpenTTD probably needs notarised, but that may require an OpenTTD organisation, which we don't have. I started investigating how that might be done, but it has fallen into a hole. |
It's a lot of legal hassle to go through and register a developer account which is not a private one: https://developer.apple.com/support/enrollment/ - especially when you so far have no legal entity at all. |
Has there been any update on this? I'm not sure how long you will be able to run non-notarized apps, probably not in macOS 10.16 |
And it’s a security risk for anyone. I can’t believe this is treated so lightly.
… On 4 Apr 2020, at 17:33, Sam Schmitt ***@***.***> wrote:
Has there been any update on this? I'm not sure how long you will be able to run non-notarized apps, probably not in macOS 10.16
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
|
If you would like to assist with resolving it, contributions are welcome. |
I guess that this too would require a Code Signing Certificate. See #8056 for the Windows variant of this issue. |
This would only need an Apple Developer Account, which is $100/yr |
We have no way to get an Apple Developer Account currently. Rules are here https://developer.apple.com/support/enrollment/ [Money is not the major blocker on this issue] |
would joining an organisation like the Software Freedom Conservancy be an option? |
@serprinss that's a great idea! I'm a member of the SF conservancy. The OpenTTD devs can take a look here for details on becoming a member project: https://sfconservancy.org/projects/apply/ Becoming a member project may have benefits for OpenTTD other than signed macOS binaries, too: https://sfconservancy.org/projects/services/ |
Given that SFC is US-based, and most (all?) developers are EU-based, it is unknown to us what the impact would be, in legal terms. So we are simply put not sure. As this is an ongoing discussion on several levels, I put out a gist with a summary of what we know: I could use advise (backed up with reading material, of course). This really feels to us like a HTTPS certificate felt 3 years ago. Difficult to navigate, you don't really know what you get, and you hope everything works out for the best. So any guidance is apperciated. |
What's the requirements of notarization? Does a potential contributor just have to have a $99/yr dev account? I happen to have one, and wouldn't mind notarize OpenTTD in my name, issue is that my company name may appear different places in the os in relation to OpenTTD |
The issue is entirely organisational by now. We have discussed the issues with code signing and related, and everyone agrees it's important that binaries are signed by a company which has OpenTTD in the name, not by a personal certificate nor by an unrelated company. Anything to do with funds to pay for certificate is secondary at most, although donations are still accepted :) |
Version of OpenTTD
1.9.3 on macOS Mojave
Expected result
Actual result
The app should start instead of showing a message like this.
Steps to reproduce
Install through home brew and click the Application in LaunchPad.
Extra note
This stuff really should get fixed. I'm not going to run unsigned apps on my Mac. Since it's also my production machine.
The text was updated successfully, but these errors were encountered: